xref: /third_party/selinux/libsepol/src/user_record.c

#include <errno.h>
#include <stdlib.h>
#include <string.h>

#include "user_internal.h"
#include "debug.h"
#include "private.h"

struct sepol_user {
	/* This user's name */
	char *name;

	/* This user's mls level (only required for mls) */
	char *mls_level;

	/* This user's mls range (only required for mls) */
	char *mls_range;

	/* The role array */
	char **roles;

	/* The number of roles */
	unsigned int num_roles;
};

struct sepol_user_key {
	/* This user's name */
	char *name;
};

int sepol_user_key_create(sepol_handle_t * handle,
			  const char *name, sepol_user_key_t ** key_ptr)
{

	sepol_user_key_t *tmp_key =
	    (sepol_user_key_t *) malloc(sizeof(sepol_user_key_t));

	if (!tmp_key) {
		ERR(handle, "out of memory, "
		    "could not create selinux user key");
		return STATUS_ERR;
	}

	tmp_key->name = strdup(name);
	if (!tmp_key->name) {
		ERR(handle, "out of memory, could not create selinux user key");
		free(tmp_key);
		return STATUS_ERR;
	}

	*key_ptr = tmp_key;
	return STATUS_SUCCESS;
}


void sepol_user_key_unpack(const sepol_user_key_t * key, const char **name)
{

	*name = key->name;
}


int sepol_user_key_extract(sepol_handle_t * handle,
			   const sepol_user_t * user,
			   sepol_user_key_t ** key_ptr)
{

	if (sepol_user_key_create(handle, user->name, key_ptr) < 0) {
		ERR(handle, "could not extract key from user %s", user->name);
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

void sepol_user_key_free(sepol_user_key_t * key)
{
	if (!key)
		return;
	free(key->name);
	free(key);
}

int sepol_user_compare(const sepol_user_t * user, const sepol_user_key_t * key)
{

	return strcmp(user->name, key->name);
}

int sepol_user_compare2(const sepol_user_t * user, const sepol_user_t * user2)
{

	return strcmp(user->name, user2->name);
}

/* Name */
const char *sepol_user_get_name(const sepol_user_t * user)
{

	return user->name;
}

int sepol_user_set_name(sepol_handle_t * handle,
			sepol_user_t * user, const char *name)
{

	char *tmp_name = strdup(name);
	if (!tmp_name) {
		ERR(handle, "out of memory, could not set name");
		return STATUS_ERR;
	}
	free(user->name);
	user->name = tmp_name;
	return STATUS_SUCCESS;
}


/* MLS */
const char *sepol_user_get_mlslevel(const sepol_user_t * user)
{

	return user->mls_level;
}


int sepol_user_set_mlslevel(sepol_handle_t * handle,
			    sepol_user_t * user, const char *mls_level)
{

	char *tmp_mls_level = strdup(mls_level);
	if (!tmp_mls_level) {
		ERR(handle, "out of memory, "
		    "could not set MLS default level");
		return STATUS_ERR;
	}
	free(user->mls_level);
	user->mls_level = tmp_mls_level;
	return STATUS_SUCCESS;
}


const char *sepol_user_get_mlsrange(const sepol_user_t * user)
{

	return user->mls_range;
}


int sepol_user_set_mlsrange(sepol_handle_t * handle,
			    sepol_user_t * user, const char *mls_range)
{

	char *tmp_mls_range = strdup(mls_range);
	if (!tmp_mls_range) {
		ERR(handle, "out of memory, "
		    "could not set MLS allowed range");
		return STATUS_ERR;
	}
	free(user->mls_range);
	user->mls_range = tmp_mls_range;
	return STATUS_SUCCESS;
}


/* Roles */
int sepol_user_get_num_roles(const sepol_user_t * user)
{

	return user->num_roles;
}

int sepol_user_add_role(sepol_handle_t * handle,
			sepol_user_t * user, const char *role)
{

	char *role_cp;
	char **roles_realloc = NULL;

	if (sepol_user_has_role(user, role))
		return STATUS_SUCCESS;

	role_cp = strdup(role);
	if (!role_cp)
		goto omem;

	roles_realloc = reallocarray(user->roles,
				     user->num_roles + 1,
				     sizeof(char *));
	if (!roles_realloc)
		goto omem;

	user->num_roles++;
	user->roles = roles_realloc;
	user->roles[user->num_roles - 1] = role_cp;

	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory, could not add role %s", role);
	free(role_cp);
	free(roles_realloc);
	return STATUS_ERR;
}


int sepol_user_has_role(const sepol_user_t * user, const char *role)
{

	unsigned int i;

	for (i = 0; i < user->num_roles; i++)
		if (!strcmp(user->roles[i], role))
			return 1;
	return 0;
}


int sepol_user_set_roles(sepol_handle_t * handle,
			 sepol_user_t * user,
			 const char **roles_arr, unsigned int num_roles)
{

	unsigned int i;
	char **tmp_roles = NULL;

	if (num_roles > 0) {

		/* First, make a copy */
		tmp_roles = (char **)calloc(1, sizeof(char *) * num_roles);
		if (!tmp_roles)
			goto omem;

		for (i = 0; i < num_roles; i++) {
			tmp_roles[i] = strdup(roles_arr[i]);
			if (!tmp_roles[i])
				goto omem;
		}
	}

	/* Apply other changes */
	for (i = 0; i < user->num_roles; i++)
		free(user->roles[i]);
	free(user->roles);
	user->roles = tmp_roles;
	user->num_roles = num_roles;
	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory, could not allocate roles array for"
	    "user %s", user->name);

	if (tmp_roles) {
		for (i = 0; i < num_roles; i++) {
			if (!tmp_roles[i])
				break;
			free(tmp_roles[i]);
		}
	}
	free(tmp_roles);
	return STATUS_ERR;
}

int sepol_user_get_roles(sepol_handle_t * handle,
			 const sepol_user_t * user,
			 const char ***roles_arr, unsigned int *num_roles)
{

	unsigned int i;
	const char **tmp_roles =
	    (const char **)calloc(user->num_roles, sizeof(char *));
	if (!tmp_roles)
		goto omem;

	for (i = 0; i < user->num_roles; i++)
		tmp_roles[i] = user->roles[i];

	*roles_arr = tmp_roles;
	*num_roles = user->num_roles;
	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory, could not "
	    "allocate roles array for user %s", user->name);
	free(tmp_roles);
	return STATUS_ERR;
}


void sepol_user_del_role(sepol_user_t * user, const char *role)
{

	unsigned int i;
	for (i = 0; i < user->num_roles; i++) {
		if (!strcmp(user->roles[i], role)) {
			free(user->roles[i]);
			user->roles[i] = NULL;
			user->roles[i] = user->roles[user->num_roles - 1];
			user->num_roles--;
		}
	}
}

/* Create */
int sepol_user_create(sepol_handle_t * handle, sepol_user_t ** user_ptr)
{

	sepol_user_t *user = (sepol_user_t *) malloc(sizeof(sepol_user_t));

	if (!user) {
		ERR(handle, "out of memory, "
		    "could not create selinux user record");
		return STATUS_ERR;
	}

	user->roles = NULL;
	user->num_roles = 0;
	user->name = NULL;
	user->mls_level = NULL;
	user->mls_range = NULL;

	*user_ptr = user;
	return STATUS_SUCCESS;
}


/* Deep copy clone */
int sepol_user_clone(sepol_handle_t * handle,
		     const sepol_user_t * user, sepol_user_t ** user_ptr)
{

	sepol_user_t *new_user = NULL;
	unsigned int i;

	if (sepol_user_create(handle, &new_user) < 0)
		goto err;

	if (sepol_user_set_name(handle, new_user, user->name) < 0)
		goto err;

	for (i = 0; i < user->num_roles; i++) {
		if (sepol_user_add_role(handle, new_user, user->roles[i]) < 0)
			goto err;
	}

	if (user->mls_level &&
	    (sepol_user_set_mlslevel(handle, new_user, user->mls_level) < 0))
		goto err;

	if (user->mls_range &&
	    (sepol_user_set_mlsrange(handle, new_user, user->mls_range) < 0))
		goto err;

	*user_ptr = new_user;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not clone selinux user record");
	sepol_user_free(new_user);
	return STATUS_ERR;
}

/* Destroy */
void sepol_user_free(sepol_user_t * user)
{

	unsigned int i;

	if (!user)
		return;

	free(user->name);
	for (i = 0; i < user->num_roles; i++)
		free(user->roles[i]);
	free(user->roles);
	free(user->mls_level);
	free(user->mls_range);
	free(user);
}